Forum Discussion
Brian_Gibson_30
Nimbostratus
NimbostratusSAML attributes
Hi folks,
I'm trying to set up SSO with Slack. I have most of the config done but I need to send back the username and email address to slack. Slack requires two variables to be sent back. User.Username and User.Email. I've set the following as a SAML attribute.
User.Username = %(session.logon.last.email)
And then in my access policy I have the following variable assignment.
session.logon.last.username = expr {"[string tolower [lindex [split [mcget {session.logon.last.email}] "@"] 0]]"}
This should split the email address into 2 values with the first value(0) being the username.
The problem is that Slack is seeing the F5 send back User.Username = session.logon.last.username which is no good.
Can anyone tell me what I'm doing wrong?
It should be
-- curly brackets. Can you confirm that you are using curly brackets?%{session.logon.last.email}
Evan_Champion_1Cirrus
It should be
-- curly brackets. Can you confirm that you are using curly brackets?%{session.logon.last.email}
Brian_Gibson_30That was the problem!! Thank you so much!!
My SE helped me with setting this up and I didn't have a lot of knowledge with using APM much less SAML. A bit of a trial by fire but it looks like it is working properly.
Sergei_MiadzvezAltocumulus
Assuming variable assignment agent splits username part of the email into session variable 'session.logon.last.username', assigning %{session.logon.last.username} as a value of assertion attribute should do the trick. Make sure to use curly braces.
To validate if correct username is extracted, you may use sessiondump cli tool on BIG-IP and grep for 'session.logon.last.username' values.